«

Hello

I'm experiencing a strange problem with a GRE over IPSec tunnel between
two Cisco routers.

The configuration is tested and has been working for a long time,
except for a single application. This client-server application works
on UDP and this is what happens:

1) app-client generates a 1800 bytes UDP packet
2) packet is fragmented 1500 + 300 by the first router met
3) the two fragmented packets (1500 and 300) hit the VPN tunnel
interface but they don't make it to the other side of the tunnel. It
looks as they're silently dropped, app-server never sees them.

The tunnel works in transport mode and ip mtu is set to 1440 bytes, the
load on the VPN routers is very very low. The tunnel perfectly
fragments packets bigger than 1440 but smaller than 1500

Thank you for any advice

Not sure but maybe this :

http://www.cisco.com/en/US/products/...html#wp1029667


"profile0104" <> wrote in message
news: oups.com...
> Hello
>
> I'm experiencing a strange problem with a GRE over IPSec tunnel between
> two Cisco routers.
>
> The configuration is tested and has been working for a long time,
> except for a single application. This client-server application works
> on UDP and this is what happens:
>
> 1) app-client generates a 1800 bytes UDP packet
> 2) packet is fragmented 1500 + 300 by the first router met
> 3) the two fragmented packets (1500 and 300) hit the VPN tunnel
> interface but they don't make it to the other side of the tunnel. It
> looks as they're silently dropped, app-server never sees them.
>
> The tunnel works in transport mode and ip mtu is set to 1440 bytes, the
> load on the VPN routers is very very low. The tunnel perfectly
> fragments packets bigger than 1440 but smaller than 1500
>
> Thank you for any advice
>

Thank you Martin, but my routers are two 2691 and I don't think there's
a similar command for them

Martin Bilgrav wrote:
> Not sure but maybe this :
>
> http://www.cisco.com/en/US/products/...html#wp1029667
>
>
>